
HIPS Rule Wildcard


HALO

Hello everyone,

 

I just want to create a HIPS rule that can block an application that is running in C:\users\user\appdata. I want to deploy this configuration via ERA Policy, so I need to specify a path like C:\users\*\appdata\applicationfolder. As I see it, ESET accepts only an exact path while I am creating a HIPS rule. Is there any solution for this?

 

Thank you


  • Administrators

Even if wildcards were supported in rules, the %APPDATA% variable wouldn't resolve as expected as it resolves to C:\Windows\system32\config\systemprofile\AppData for the local system account in which ekrn.exe runs.


Hello HALO,

 

Instead of using ESET HIPS to prevent malware executables from being run out of the appdata directories, I would create a GPO for your users to combat this. You will have more options using Windows.

If you need assistance, I know the Crypto Prevention Kit has some GPOs for servers and term servers you can import with little effort.

Edited by Arakasi

This topic is now closed to further replies.